When a 'False Positive' isn't a false positive

When a 'False Positive' isn't a false positive

Recently I've been hearing questions from journalists, other bloggers and customers about what exactly makes systems fail validation. Specifically, I have been asked for two things. First, a breakdown of the kinds of piracy that are detected by WGA and which are the most common. And second, what is the rate of “false positives” with WGA (falsely identifying a copy of Windows as counterfeit)?

First on the question of what makes up the WGA failures. About 1 in 5 of the 300 million PCs that have run WGA validation fail. That is pretty much in line with industry numbers for software piracy. By volume most of the validation failures detected by WGA are a result of installs that use a stolen volume licensing key. Using stolen volume license keys has been a well known method of counterfeiting Windows XP for a while. This accounts for around 80% of the failures today. As an example, one stolen license key from a US university ended up on over a million PCs in China. The rest of the failures are caused by a mix of other types of counterfeiting and piracy, including a variety of forms of tampering, hacking and other forms of installing unlicensed copies. Sometimes people try to hack Windows Product Activation itself (often not totally successfully either) and other times people try to modify files to prevent XP from needing to activate at all. Some failures are caused by improper attempts to install or repair software on an otherwise genuine PC. All of these activities will result in WGA validation failures and they should.

I think it's super important to be clear about the idea of 'false positives' so I'd like to take this opportunity to explain a bit about how WGA works and why when some people believe they have a legit license for Windows but WGA fails to validate their installed copy.

To be precise, an actual 'false positive' would occur if WGA identifed a specific copy of windows installed on a system as non-genuine or unlicensed when in fact it was genuine and licensed. Of the hundreds of millions of WGA validations to date, only a handful of actual false positives have been seen. Most of these were due to data entry errors that were quickly corrected and only occurred for a short period of time.

Given the extremely small number of technical failures of WGA why else might someone think that their system was falsely identified as running counterfeit Windows? If they aren't actual 'false positives' what are they? It turns out there are a number of scenarios that could result in a WGA validation failure that a user might be surprised by or even deny including the following few scenarios:

Scenario 1: the PC user was sold counterfeit but it looks genuine to them so their first reaction is shock followed by disbelief and frustration (occasionally people seem to contact us right at this point!) but in truth these people are victims and the product is really a counterfeit made to look like genuine. When people are ripped of this way we offer to replace their product with a genuine copy if they fill out a counterfeit report and send it and the counterfeit into us. So far we've provided hundreds of free copies of Windows to users who've been ripped by high-quality counterfeit, and we plan to continue this offer.

Scenario 2: the PC user really doesn't know that they did something wrong, such as install the same copy and key to more than one PC at the same time. If a customer such as this bought their copy at a reputable outlet, a national chain or received Windows pre-installed on a PC from a major manufacturer they might believe that what they have is 'genuine' but they don't realize that they're violating the license in a way that results in a WGA failure. The solution to this is really educational, there are some requirements as to how Windows can be installed, these are of course spelled out in the EULA and for many are common knowledge.

Scenario 3: a friend or acquaintance offers to 'fix' or repair your system or offers a 'free upgrade' by installing their copy of Windows on your machine. as in the scenario above, if you didn't now that wasn't allowed under the license you have for Windows you might be surprised when WGA fails. The challenge in scenario 3 and 4 is that there is no way to tell the difference from someone unknowingly pirating the software, with good intent or not, and someone who does this for a living to rip off consumers and/or Microsoft.

Scenario 4: you take your PC to get a new video card or hard drive or to be worked on for some other reason at a repair shop, in the process of the upgrade a new [improper] copy of Windows is installed. Sometimes this happens because those doing the work will take shortcuts to install a copy of Windows that is laying around or is convenient. Often times this is done with a key and a copy of Windows that's handy for the repair person but is really the wrong version or edition or installation for your system. WGA detects some of these miss-matches and will fail systems that are installed with versions of Windows that aren't licensed properly. For customers who find themselves in this situation there's a number of solutions available none of which require that they purchase a new copy of Windows.

For all of these scenarios when validation fails the WGA website will offer a detailed explanation and an opportunity to print that detailed explanation in the form of a report explaining why a system failed. The owner of the PC can take this report to the place that sold them the their PC or performed the latest install of Windows to get help. While in the examples above the owner of the PC may not intend to do anything wrong and intentions are often innocent, these are in fact forms of software piracy.

These scenarios are not real 'false positives' because that the WGA software did perform as designed and accurately detect an install of Windows that was not licensed for the PC it was installed on or was wrong for some other reason. Still our team takes the customer experience in these scenarios very seriously.

Many teams across the company are working really hard, particularly our marketing folks, to educate customers about the benefits of genuine Windows and encourage them to ask for genuine software when buying a PC. We also have very hard working legal and investigative teams that work to help level the playing field for honest resellers by identifying and taking legal action against resellers who sell counterfeit and pirated Windows to consumers.

Lastly, I would like to ensure everyone that we investigate all credible reports we receive of false positives (though sometimes it's hard to chase down the details we need to try to repro reported failures). I hear in the halls sometimes of reported failures taking place but when the dev and test teams reproduce the steps reported the result is, far more often than not, that the software performed as designed and the failure was due to the software in fact being counterfeit and the customer simply not wanting to believe it.